HHS Opens Investigation Into Change Healthcare Hack
The thing with cyberattacks is that they come in two parts. The first is that you get pwned. The second is that authorities often want to investigate you to see if you did or didn’t do something that led to the attack. Change Healthcare is into the second part after being pwned a few weeks ago. Here’s what HHS had to say:
Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident. OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Rules.
Ken Westin, Field CISO, Panther Labs, had this to say:
I hope the investigation focuses on lessons learned and what both healthcare and government can do in partnership to both reduce the threat, as well as increase resilience to these types of attacks. If the goal of the investigation is to be punitive and seek fault to levy fines, I fear it would send the wrong message to the healthcare industry and will result in less collaboration and openness about these high-impact security incidents. In my experience, healthcare IT and security departments are often underfunded and under-resourced compared to other industries while at the same time dealing with unique challenges while having to navigate strict regulatory compliance frameworks. The best way to better secure the healthcare industry is through open dialogue and collaboration across the industry and with government resources.
I for one will be interested to see what comes of this investigation given how much disruption this attack has caused. I am sure that there will be other parties interested in the outcome as well. Having said that, I am sure that Change Healthcare and its parent UHG will find this investigation a couple steps below a proctology exam. Which is good because all the facts of this attack need to come out.
This entry was posted on March 14, 2024 at 2:48 pm and is filed under Commentary with tags Hacked.